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(54) {Title of invention} Electronic voting method and program recording medium therefor 



(57) {Abstract} 

{Problem} To conceal the correspondence between voter name 
and vote content from persons other than the voter. 
{Solution} The ballot opener generates a public key 
cryptography encryption key and decryption key (SI) and 
distributes the encryption key to all voters (S2); the voter asks 
the authenticator to issue a voting ID (S3); the authenticator 
issues a voting ID to the voter (S4); the voter encrypts the vote 
content with the encryption key (S6) and sends the encrypted 
vote and voting ID to the authenticator (S7); the authenticator 
authenticates the legitimacy of the vote (S8) and sends a list of 
encrypted votes and voting IDs to the ballot opener (SI 1); the 
ballot opener decrypts the encrypted votes with the decryption 
key, counts the votes, and publishes the voting results together 
with the voting IDs (SI 3). 
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SI : Encryption/decryption key generation (processing A) 

S2: Encryption key (Kp) distribution 

S3: Voting ID request 

S4: Voting ID issuance 

S5: Voting ID distribution 

S6: Vote content generation/encryption 

S7: Vote (encrypted with Kp), voting ID 

S8: Voting ID authentication (processing B) 

S9: (encrypted) Vote list publication 



Figure 1 

S10: Confirmation/correction of vote 

S1 1 : Vote (encrypted with Kp), voting ID 

SI 2: Decryption (opening of ballots) (processing C) 

S 1 3: Voting results notification (broadcast) 

S14, SI 5: Inquiry request 

SI 6, Si 7: Inquiry response 

A: Voter device 

B: Authenticator device 

C: Ballot opener device 



{Scope of patent Claims} 

{Claim 1} An electronic voting method using a network, 
distinguished in that: 

a voter device sends the vote to an authenticator device; 
the authenticator device confirms the voter's identity, that the 
vote was cast by the voter in question; and that the vote was not 
cast in duplicate, 

and if all those confirmations are successful, sends the vote send 

to a ballot opener device; and 

the ballot opener device opens the received vote. 

{Claim 2} An electronic voting method as described in Claim 1, 

distinguished in that the ballot opener device generates a public 

key cryptography encryption key and decryption key and 

distributes the encryption key to the voter devices; 

the voter device encrypts votes and sends them to an 

authenticator device; 

the ballot opener device decrypts the encrypted votes with the 
decryption key and opens them. 

{Claim 3} An electronic voting method as described in Claim 1 
or 2, distinguished in that: 

the voter device requests issuance of a voting ID from the 
authenticator device; 

the authenticator device responds to that issuance request by 
issuing a voting ID and distributing it to the user device; 
the voter device appends the voting ID to the vote sent to the 
authenticator device; 

the authenticator device appends the voting ID to the vote sent 
to the ballot opener device; 

the ballot opener device publishes the relationship between 
opened and counted votes and the corresponding voting IDs as 
the voting results to the voter device. 

{Claim 4} An electronic voting method as described in Claims 1 
through 3, distinguished in that: 

the voter device transmits the vote with personal information 
such as name, age and sex appended thereto; 
the authenticator device attaches that personal information 
which it is permissible to publish to the vote and sends it to the 
ballot opener device. 

{Claim 5} A recording medium with a program recorded 
thereon, which causes a voter device computer, in an electronic 
voting method using a network wherein a voter device casts a 
vote via an authenticator device to a ballot opener device, to 
perform: 

processing of making a voting ID issuance request to the 
authenticator device; 

processing of acquiring a voting ID from the authenticator 
device; 

processing of generating vote content and encrypting that vote 
content to generate a vote; 

processing of sending that vote to the authenticator device; 
processing of receiving a vote content confirmation request 
from the authenticator device; 

processing of performing vote generation processing again if 
there are any modifications to the vote content; and 
processing of sending a vote content confirmation response to 
the authenticator device if there are no modifications to the vote 
content. 

{Claim 6} A recording medium with a program recorded 
thereon, which causes an authenticator device computer in an 
electronic voting method using a network, wherein a voter 
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device casts a vote via an authenticator device to a ballot opener 
device, to perform: 

processing of receiving a voting ID issuance request from a 
voter device; 

processing of issuing a voting ID; 

processing of transmitting an issued voting ID to the voter 
device; 

processing of authenticating the legitimacy a received vote; 
processing of authenticating the identity of the voter using a 
received certificate; 

processing of authenticating that a received vote was cast by a 
real voter; 

processing of authenticating that a received vote is not a 
duplicate vote; 

processing of collecting votes received within the voting period 
and generating a list thereof; and 

processing of sending the vote list to a ballot opener device. 
{Claim 7} A recording medium as described in Claim 6, 
distinguished in that said processing of authenticating 
legitimacy comprises: 

processing of authenticating the identity of the voter using a 
received certificate; 

processing of authenticating that the received vote was cast by a 
real voter; and 

processing of authenticating that the received vote is not a 
duplicate vote. 

{Claim 8} A recording medium as described in Claim 6 or 7, 
distinguished in that said program comprises a program which 
causes said computer to execute: 

processing of receiving an inquiry request from said voter 
device; 

processing of transmitting the received inquiry request to the 
ballot opener device; 

processing of receiving an inquiry response from the ballot 
opener device; and 

processing of transmitting the received inquiry response to the 
voter device. 

{Claim 9} Recording medium as described in Claims 6 through 
8, distinguished in that said program comprises a program 
which causes said computer to execute: 

after said legitimacy authentication processing, processing of 
making a vote content confirmation request to the voter device; 
and 

processing of receiving a vote content confirmation response 
from the voter device. 

{Claim 10} A recording medium with a program recorded 
thereon which causes a ballot opener device computer, in an 
electronic voting method using a network wherein a voter 
device casts a vote via an authenticator device to a ballot opener 
device, to perform: 

processing of generating an encryption key and decryption key 
pair; 

processing of distributing said encryption key to the voter 
device; 

processing of acquiring a vote list from the authenticator device; 
processing of decrypting the encrypted votes in the vote list and 
counting the votes; and 

processing of publishing the counted voting results. 

{Claim 11} Recording medium as described in Claim 10, 

distinguished in that said program comprises a program which 
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causes said computer to execute: 

processing of receiving an inquiry request from the 
authenticator device; and 

processing of transmitting an inquiry response for the received 
inquiry request to the authenticator device. 
{Detailed description of the invention} 
{0001} 

{Technical field of the invention} This invention relates to 
electronic voting methods which, in conducting electronic 
voting via a network, allow the voter to conceal the 
correspondence between voter name and vote content from 
persons other than the voter, including the ballot opener, as well 
as to program recording media therefor. 
{0002} 

{Prior art} Electronic voting whereby votes are cast via a 
network is known. For example, it is used in conducting 
popularity contests on the internet. Here, the conditions required 
for use in elections, and the like, where strict precision in 
electronic voting is necessary, are as follows. 
{0003} 

1. Votes must be cast only by eligible voters. 

2. Duplicate voting is not possible. 

3. It is not possible to find out the content of other people's 
votes. 

4. Other people's votes cannot be duplicated. 

5. It must be possible to discover if anyone has committed 
improprieties (forgery or deletion) with vote content. 

6. All voters must be able to confirm before end of voting that 
their vote was valid. 

Electronic voting schemes which fulfill these conditions include 
Schneier's electronic voting protocol. This is performed in 
electronic voting between two parties, the voter and the ballot 
opener. The procedure taken when a voter votes is that the ballot 
opener performs authentication of the voter, judges the 
legitimacy of the vote and opens the ballot, and reflects the vote 
content in the count results. Here, since the ballot opener 
receives the vote directly from the voter, he becomes able to 
find out the correspondence between voter name and vote 
content. In this case, the voter's vote content flows over a 
network, and voters who vote via a network have demands to 
the effect that the voter's personal ideas, intentions and other 
such private information not become known to other persons. 
{0004} Figure 6 shows a conventional electronic voting 
scheme. In Figure 6, voting, authentication and ballot opening is 
performed between two parties, the voter and the ballot opener. 
First, the voter, in order to vote, sends a notification of desire to 
vote to the ballot opener (SI). The ballot opener issues and 
delivers a voting ID to the voter who issued a notification of 
desire to vote (S2, S3), and the voter who has received a voting 
ID generates a key pair, which is a public key/private key (S4). 
Using these keys, the voter generates and encrypts the vote 
content (S5), and sends it together with the voting ID to the 
ballot opener (S6). Having received this, the ballot opener 
performs authentication of the voting ID (S7), generates an 
encrypted vote list, and publishes it to the voter (S8). The voter 
confirms the list and if there are corrections or the like, casts the 
vote again (S9). If the published vote content is adequate, the 
voter sends the decryption key for opening the ballot of that vote 
together with the voting ID (S10). Once the vote content has 
been settled on, after expiration of a specified period of time, the 
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ballot opener decrypts and opens the ballots (SI 1), and 
publishes the vote counting results to the voters (SI 2). 
{0005} The distinguishing features of this method are indicated 
below. 

1. A voting ID is given to eligible voters, which serves as an 
identifier giving them the right to vote (processing SI, S2). 

2. The number of times a voter voted is checked by means of the 
voting ID (processing S7). 

3. Encryption is performed on the vote content (processing S4, 
S5). 

{0006} 4. Attacks from third parties are prevented by appending 
a digital signature and certificate (processing S6, S9, S10). 

5. Tracing is enabled by retaining a list of voting IDs and voter 
names (S2). 

6. Legitimacy of the voting is disclosed by presenting voting 
IDs in the count results (S8, S 1 2). 

{0007} 

{Problems to be solved by the invention} In the prior art, there 
was a problem in that the ballot opener could obtain both the 
voter name and the vote content. Namely, the ballot opener 
could find out the correspondence between voter name and vote 
content, and privacy protection could not be provided to the 
voter. The objective of this invention is to provide an electronic 
voting method which allows the voter to conceal the 
correspondence between voter name and vote content from 
persons other than the voter, including the ballot opener, thereby 
concealing what he voted for, and which furthermore has the 
function of preventing and tracing double voting or improper 
voting, and allows the voter to confirm that his vote was valid. 
{0008} 

{Means of solving the problem} As a method of achieving the 
aforementioned objective, in this invention, an authenticator 
device is provided as an intermediary device between the voter 
device and ballot opener device, which separates the 
correspondence between voter name and vote content while 
authenticating the voter. Furthermore, when an authenticator 
device is provided, it is necessary to conceal the vote content 
from the authenticator device in order for the authenticator 
device to receive a vote from the voter device, so encryption is 
performed on the vote content which allows the ballot to be 
opened only by the ballot opener device. The generation of 
encryption and decryption keys for this purpose is performed by 
the ballot opener device, while the encryption of the vote is 
performed by the voter device itself, thereby concealing the vote 
content from persons other than the voter, except for the ballot 
opener. 

{0009} The voter device receives the key for encrypting the 
vote from the ballot opener device. The voter device is 
distinguished in that it has the functions of performing voting ID 
issuance processing whereby it transmits a voting ID issuance 
request to the authenticator device to obtain a voting ID which is 
needed when voting, as a result of which a voting ID issuance 
response is received and a voting ID is obtained; vote casting 
processing whereby it acquires a voting ID, generates and 
encrypts the vote content, transmits a vote casting request to the 
authenticator device, receives a vote casting reply from the 
authenticator device, and subsequently transmits the encrypted 
vote content together with the voting ID to the authenticator 
device, receives a vote content confirmation request from the 
authenticator device, and if there are no modifications, transmits 
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a vote content confirmation response to the authenticator device; 
voting result notification processing which allows the results of 
voting and the validity of one's own vote to be confirmed; and 
inquiry processing regarding the voting results. 
{0010} The authenticator device is distinguished in that it has 
the functions of performing voting ID issuance processing 
whereby it receives a voting ID issuance request from the voter 
device, issues a voting ID and as a result transmits a voting ID 
issuance response to the voter device; authentication processing 
whereby it receives a voting request from the voter device, 
replies with a voting response, receives the vote, and confirms 
the legitimacy of the vote; vote casting processing whereby it 
transmits a vote content confirmation request to the voter device 
and receives a vote content confirmation response from the 
voter device; vote list deposit processing whereby it generates a 
vote list and transmits a vote list deposit request to the ballot 
opener device, receives a vote list deposit response from the 
ballot opener device, and performs vote list distribution to the 
ballot opener device; and inquiry processing whereby it receives 
an inquiry request from the voter device, transmits an inquiry 
request to the ballot opener device, receives an inquiry response 
from the ballot opener device, and transmits an inquiry response 
to the voter device. 

{0011} The ballot opener device is distinguished in that it has 
the functions of performing encryption key distribution 
processing whereby it distributes the encryption key generated 
by encryption and decryption key generation processing to the 
voter device; vote list deposit processing whereby it receives a 
vote list deposit request from the authenticator device, answers 
with a vote list deposit response, and receives the vote list; 
voting result notification processing whereby it opens (decrypts) 
the vote list, counts the votes, and distributes the voting results 
to the voter devices; and inquiry processing whereby it receives 
an inquiry request from the authenticator device and transmits 
an inquiry response to the authenticator device. 
Operation 

By providing an authenticator device which authenticates the 
voter as an intermediary device, the ballot opener device 
becomes unable to discern the voter name, as a result of which 
the voter's privacy is protected in relation to the ballot opener. 
{0012} Furthermore, when an authenticator device is provided, 
the ballot opener device generates an encryption key and 
decryption key for the votes. Public key encryption is used as 
the encryption scheme. Here, the authenticator device distributes 
the generated encryption key in advance to the voter devices, 
while keeping the decryption key secret. This allows the voter 
device to perform encryption on the vote content, allowing the 
vote content to be concealed from persons other than the voter, 
except for the ballot opener. 
{0013} 

{Modes of embodiment of the invention} An outline of the 
electronic voting method of this invention whereby an 
intermediary (authenticator device) is provided and the ballot 
opener device is made the device which generates the key for 
encrypting vote content is shown in Figure 1. First, the ballot 
opener device generates an encryption key (public key) and 
decryption key (private key) (SI) (processing A), and distributes 
the encryption key Kp to the voter devices (S2). The voter 
device request a voting ID which is needed when voting from 
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the authenticator device (S3), and the authenticator device issues 
a voting ID (S4) and distributes it to the voter device (S5). The 
correspondence between the voting ID and voter device is stored 
in the authenticator device. 

{0014} The voter device uses the encryption key Kp obtained 
from the ballot opener device to encrypt the vote content (S6) 
and transmits the encrypted vote and voting ID to the 
authenticator device (S7). Receiving this, the authenticator 
device performs voter authentication (S8) (processing B), and if 
legitimacy of the vote can be established, transfers the vote and 
its voting ID to the ballot opener device (SI 1). Here, if required, 
the authenticator device publishes an encrypted vote list to the 
voter device and request cormrmation of vote content (S9), the 
voter device confirms the vote content and votes again if there 
are any modifications (S10). The authenticator device which has 
received a vote cannot perform improper opening of the ballot 
since it does not have the decryption key. The ballot opener 
device, having received a voter device's vote from the 
authenticator device, opens the ballot using the decryption key 
(SI 2) (processing C), and the ballot opening results are 
communicated to all voter devices via a broadcast (SI 3) 
(processing D). If a voter's own voting ID is contained in the 
vote content in the ballot opening results, it means his ballot was 
correctly opened; if his voting ID is not contained there, the 
voter sends an inquiry request to the authenticator device (S14), 
and the authenticator device sends the inquiry request to the 
ballot opener device (SI 5). The ballot opener device sends a 
response to the inquiry to the authenticator device (SI 6), and the 
authenticator device sends that inquiry response to the user 
device (SI 7). 

{0015} Figure 2 shows the processing involved in the voting 
process in this invention. First, in the encryption key distribution 
processing, the ballot opener device generates the encryption 
key and decryption key for performing encryption on the vote 
content for the voter devices. The encryption key generated here 
is distributed to all the voter devices. In the voting ID issuance 
processing, the authenticator device issues and provides the 
voting ID needed when voting to the voter device. The vote 
casting processing is carried out when a vote is actually cast. 
The vote list deposit processing is executed when the vote list 
generated from votes collected by the authenticator device is 
provided to the ballot opener device. Inquiry processing is 
executed when a voter device makes an inquiry regarding the 
voting results. 

{0016} Figure 3 shows a flow chart of the voter device in this 
invention. First, it is necessary to obtain the voter ID and 
password for receiving the service via an existing WWW 
browser (SI). If they have been acquired, the voting service can 
be used; if they have not been acquired, a voter ID and password 
issuance request is made (S2). Namely, a voter ID and password 
correspond to the qualifications for participating in this system, 
i.e. to the right to vote. By entering a voter ID and password, an 
encryption key can be obtained (S3). Next, the possession of a 
certificate needed for voting is confirmed (S4), and if it is not in 
possession, issuance of a certificate is requested (S5). If it is in 
possession, selection of the certificate is carried out (S6). The 
certificate selected here is used to transmit to the authenticator 
device when voting. That is, the certificate serves to authenticate 
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the identity of the voter; the certificate is issued by an 
authenticating authority and comprises certification by the 
authenticating authority of the name or identifier (ID) of the 
voter, as' well as his public key and the like. A voter device for 
instance encrypts a random number R with the secret key 
corresponding to its public key and sends the encrypted random 
number R and the certificate to the authenticator device; the 
authenticator device decrypts the encrypted random number 
with the certificate's public key, and if the decryption results are 
equal to the received R, the person holding the secret key 
corresponding to that public key is considered to match the 
person with the name on that certificate and his identify is 
authenticated. Just as multiple credit cards are used, this 
certificate may also be issued by multiple authenticating 
authorities, in which case selection of a certificate becomes 
necessary. 

{0017} When actually voting, a voting ID required for each 
instance of voting becomes necessary. In order to acquire a 
voting ID, a voting ID issuance request is transmitted to the 
authenticator device (S7), reception of a voting ID issuance 
response is awaited (S8), and a voting ID is obtained (S9). If a 
voting ID has previously been acquired, a previously issued 
voting ID is acquired. Next, voting request to cast a vote is 
made (for example, a request for ballot) (S10), and then the 
voting response is received (for example, a ballot) (SI 1). Next, 
vote content is generated and encryption processing is 
performed (SI 2). If one has already voted, a confirmation of the 
previously cast vote content is transmitted. If one has not yet 
voted, a vote can be cast (SI 3). A vote content confirmation is 
made in response to an inquiry as to whether this content from 
the authenticator device is acceptable (SI 4), and if there are no 
modifications (SI 5), vote content confirmation response 
processing indicating that there are no modifications is carried 
out (SI 6), while if there are modifications, one returns to step 
SI 2, generates vote content anew and re- votes. Subsequently, 
once the voting deadline has expired and voting results have 
reached the voter (SI 7), confirmation of voting results is 
performed (SI 8), and the validity of one's own vote is 
confirmed (SI 9, S20). 

{0018} Figure 4 shows a flow chart of the authenticator device 
in this invention. If the authenticator device does not possess a 
certificate necessary for the series of voting services (SI), it 
requests issuance of a certificate (S2), and if does possess one, 
the certificate is selected (S3). The various types of processing 
are performed using the certificate selected here. The device 
waits to receive a request (S4). If the request received is a voting 
ID issuance request (S5), the device examines whether or not a 
voting ID has been issued based on a table of voters and voting 
IDs (S6), performs issuance of a voting ID if none has been 
issued (S7), adds that voting ID to the table of voters and voting 
IDs, and transmits the voting ID to the voter device (S8). If one 
has previously been issued, the previously issued voting ID is 
transmitted. Furthermore, if the request received is a vote 
casting request (S9), the device examines whether or not a vote 
has been cast (S10), and if a vote was already cast, it request the 
voter device to confirm the content of the previously cast vote 
(SI 1). i.e. obtains confirmation if such content is acceptable. If 
no vote has yet been cast, it accepts a vote (SI 2), and performs 
processing to authenticate the vote's legitimacy (S13). Namely, 
the identity of the voter is confirmed through identity 
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authentication using the certificate that was received at the same 
time, the vote is confirmed to be the voter's by checking the 
correspondence between the voter and voting ID sent at the 
same time against the table of voter IDs and voters maintained 
by the authenticator device, and the vote is confirmed not to be a 
duplicate vote by confirming that a vote was not already cast 
based on the received voting ID. 

{0019} If all these confirmations are successful, the voter 
device is requested to confirm the vote content (SI 1). A vote 
content confirmation response is received from the voter device, 
and if there are any modifications to the vote content (S14), the 
authenticator device returns to step SI 3 and performs 
authentication processing, while if there are no modifications to 
the vote content, the confirmed vote is stored (SI 5). Once the 
voting deadline has expired (SI 6), the stored votes are collected 
to generate a vote list (SI 7). In order to provide this vote list to 
the ballot opener device, a vote list deposit request (an inquiry 
as to whether a vote list may be sent) is transmitted to the ballot 
opener device (SI 8), and a response is awaited (SI 9). If a 
response to the effect that the list may be sent is received, a vote 
list is delivered to the ballot opener device (S20). Furthermore, 
if the request received is an inquiry request (S21), that inquiry 
request is sent to the ballot opener device (S22), and upon 
receiving an inquiry response to that inquiry request from the 
ballot opener device (S23), that inquiry response is returned to 
the voter device (S24), and the authenticator device returns to a 
request reception standby state of step S4. When performing the 
above transmissions from the authenticator device to the voter 
device or ballot opener device, a certificate is appended to the 
transmission content, allowing the device receiving it to 
authenticate that it was indeed received from the authenticator 
device, i.e. to authenticate the sender's identity. 
{0020} Figure 5 shows the flow chart of the ballot opener 
device in this invention. If the ballot opener device does not 
possess a certificate necessary for the series of voting services 
(SI), it requests issuance of a certificate (S2), and if does 
possess one, the certificate is selected (S3). The various types of 
processing are performed using the certificate selected here. 
First, the encryption key used on the vote content when voting is 
generated (S4) and distributed to voter devices (S5). Thereafter, 
the device enters a request reception standby state (S6). Here, if 
the request received is a vote list deposit request (an inquiry as 
to whether a vote list may be transmitted) from the authenticator 
device (S7), a vote list deposit response (ready to receive) is 
transmitted to the authenticator device (S8), and a vote list is 
acquired from the authenticator device (S9). Opening 
(decryption) of ballots is performed on this vote list and the 
votes are counted (S10), and the voting results are transmitted to 
all the voter devices (SI 1). Voting IDs with which votes were 
cast are attached to the voting results, enabling the voter to 
confirm that his vote was cast correctly based on his voting ID. 
Furthermore, if the request received is an inquiry request (S12), 
the inquiry response is returned to the authenticator device and 
the ballot opener device returns to the request reception standby 
stateofstepS6(S13). 

{0021 } In the above, the voting ID may be omitted if there is no 
need to find out the validity of one's own vote. Furthermore, in 
order to confirm that the content of a vote has been correctly 
generated by the voter himself and has not been forged, a digital 
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signature may be appended to the vote content encrypted by the 
voter device, and verification of this signature performed by the 
authenticator device. Furthermore, if the voter device sends 
personal information such as name, age and sex together with 
the vote to the authenticator device and the authenticator device 
sends the personal information which it is considered acceptable 
to publish to the ballot opener device, analytical data showing 
the age differences, sex differences, etc. relating to items on the 
ballot can be generated when voting results are counted. 
{0022} 

{Effect of the invention} According to this invention as 
described above, an authenticator device is provided as an 
intermediary device between the voter device and ballot opener 
device and is made to carry out voter authentication tasks, the 
key for encrypting the voter's vote content is generated by the 
ballot opener device, and the encryption key is delivered before 
the voter device performs voting, thereby yielding the effect of 
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concealing the correspondence between voter name and vote 
content from persons other than the voter and ensuring that the 
voter's privacy is protected. 
{Brief description of the drawings} 

{Figure 1} A drawing which shows the electronic voting 
procedure of this invention. 

{Figure 2} A drawing which shows the types of processing in 
this invention. 

{Figure 3} A drawing which shows the processing procedure of 
the voter device. 

{Figure 4} A figure which shows the processing procedure of 
the authenticator device. 

{Figure 5} A figure which shows the processing procedure of 
the ballot opener device. 

{Figure 6} A figure which shows the procedure of a 
conventional electronic voting method. 
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S 1 : Encryption/decryption key 
generation (processing A) 

S2: Encryption key (Kp) distribution 

S3: Voting ID request 

S4: Voting ID issuance 

S5: Voting ID distribution 

S6: Vote content 

generation/encryption 

S7: Vote (encrypted with Kp), voting 
ID 

S8: Voting ID authentication 

(processing B) 
S9: (encrypted) vote list publication 



S10: Confirmation/correction of vote 
SI 1 : Vote (encrypted with Kp), 

voting ID 
SI 2: Decryption (opening of ballots) 

(processing C) 
SI 3: Voting results notification 

(broadcast) 
S14, SI 5: Inquiry request 
SI 6, SI 7: Inquiry response 
A: Voter device 
B: Authenticator device 
C: Ballot opener device 
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Figure 2 

A: Voter device p: 

B: Authenticator device R; 

C: Ballot opener device Q: 

D: Encryption key distribution S: 

processing T: 

E: Voting ID issuance processing U: 

F: Voting ID issuance request V: 
G: Voting ID issuance response 

H: Voting ID issuance processing W: 
1: Vote content generation/encryption 

processing X: 

J: Vote casting processing Y: 

K: Vote casting request Z: 

L: Vote casting response AA 

M: Vote casting BB: 

N: Vote content confirmation request CC: 
O: Vote content confirmation response 



Vote collection processing 
Vote list generation 
Vote list deposit processing 
Vote list deposit request 
Vote list deposit response 
Vote list distribution 
Voting results notification 
processing 

Ballot opening (decryption) 
processing 

Vote results counting 
Vote results confirmation 
Inquiry processing 
Inquiry request/response 
Inquiry processing 
Inquiry request/response 



(8) 



{Figure 3} 




1*4: 





Figure 3 




A: Start 


S10 


Transmit vote casting request 


B: End 


SI 1: 


Vote casting response received? 


C: Vote has been cast 


S12: 


Vote content 


D: Vote has not been cast 




generation/encryption processing 


SI : User ID, password acquired? 


S13: 


Cast vote 


S2: Request issuance of user ID, 


S14: 


Vote content confirmation request 


password 




received? 


S3: Acquire encryption key 


S15: 


No modifications to vote content? 


S4: Certificate acquired? 


S16: 


Transmit vote content 


S5: Request issuance of certificate 




confirmation response 


S6: Selection of certificate 


S17: 


Voting results were delivered? 


S7: Transmit voting ID issuance 


S18: 


Voting results confirmation 


request 




processing 


S8: Voting ID issuance response 


S19: 


No errors? 


received? 


S20: 


Inquiry processing 


S9: Acquire voting ID 
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Figure 4 



A: Start 

B: In case of voting ID issuance 
request 

C: In case of inquiry request 

D: In case of vote casting request 

SI : Certificate acquired? 

S2: Request issuance of certificate 

S3: Selection of certificate 

S4: Request received 

S5: Voting ID issuance request 

received 
S6: Voting ID not issued yet? 
S7: Voting ID issuance processing 
S8: Transmit voting ID issuance 

response (voting ID) 
S9: Vote casting request received 
S10: No vote cast yet? 
SI 1 : Transmit vote content 
confirmation request 



SI 2: Transmit vote casting response 
SI 3: Vote acquisition/authentication 

processing 
SI 4: Was vote content modified? 
SI 5: Receive vote content 

confirmation response 
SI 6: Voting deadline expired? 
SI 7: Vote collection/list generation 

processing 
SI 8: Transmit vote list deposit request 
S 1 9: Vote list deposit response 

received? 
S20: Vote list delivery 
S21 : Receive inquiry request 
S22: Transmit inquiry request 
S23: Receive inquiry response 
S24: Transmit inquiry response 
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Figure 5 



A: Start 

B: In case of inquiry request 

C: In case of vote list deposit request 

SI: Certificate acquired? 

S2: Request issuance of certificate 

S3: Selection of certificate 

S4: Encryption key/decryption key 

generation 
S5: Encryption key distribution 
S6: Request received 



S7: Vote list deposit request received 
S8: Transmit vote list deposit 

response 
S9: Acquire vote list 
S10: Ballot opening (decryption), 

counting processing 
Sll : Transmit voting results 
S12: Inquiry request received 
SI 3: Transmit inquiry response 
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A: Voter device 

B: Ballot opener device 

SI : Voting ID request 

S2: Voting ID issuance (processing 

S3: Voting ID distribution 

S4: Encryption key/decryption key 

generation 
S5: Vote content 

generation/encryption 



S6: Vote (encrypted), voting ID 
S7: Voting ID authentication 
S8: (encrypted) vote list publication 
A) S9: Vote confirmation/correction 
S10: Decryption key, voting ID 
Sll: Decryption (ballot opening) 

(processing B) 
SI 2: Voting results notification 
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